Security Jobs in Rochester (EY) – InfoSec Security Consultant

Job Description:

As a Security Consultant within EY’s internal Security Consulting and Assurance team, the individual will be a trusted security advisor to EY’s Advisory and TAS service lines including delivery of a global managed services platform, big data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in delivery on programs and projects, defining security architectures, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also direct consultants in developing appropriate risk treatment and mitigation options to address security vulnerabilities to translate these vulnerabilities into business risk terminology for communication to business stake holders.

Job Responsibilities:

• Perform risk assessments of information systems and infrastructure
• Maintain and enhance the Information Security risk assessment methodology
• Provide knowledge sharing and technical assistance to other team members
• Define security architectures and provide pragmatic security guidance that balance business benefit and risks.
• Define security configuration standards for platforms and technologies
• Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
• Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
• Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios
• Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit

Job Requirements:

• Experience facilitating meetings with multiple customers and technical staff, including building consensus and mediating compromise
• Strong English language skills are required
• Five or more years of experience in the management of a significant Information Security risk management function
• Five or more years Working experience with the architecture, design and engineering of webbased multi-tier information systems or network infrastructures
• An overall understanding of the business objectives of EY with an ability to build relationships across EY IT
• Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
• Experience in managing the communication of security findings and recommendations to IT project teams and management
• High degree of tolerance for ambiguity
• Ability to appropriately balance firm security needs with business impact & benefit
• Ability to facilitate compromise to incrementally advance security strategy and objectives
  skills
• 8 or more years of experience in an Information Security or Information Technology discipline
• Exceptional judgment, tact, and decision-making ability
• Strategic skills to assist with the development of a long-term vision for the firm’s risk management security framework & approach
• Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
• Experience with security architecture, design and assessment of messaging, ERP, CRM and or data analytics solutions
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• Outstanding management, interpersonal, communication, organizational, and decision-making

Job Details:

Company: EY

Vacancy Type: Full Time

Job Location: Rochester, NY, US

Application Deadline: N/A

jobstrivia.net